Site changes

Hey all,

Just a quick note – I updated my blog template a bit. On the right, I added some new links and I added some info about myself at the top. I also added “previous” and “next” links above the posts. Hopefully these changes make it easier to get around. Let me know if I broke anything in the process!

That’s all for today! Ron

Continue reading

Watch out for evil SMB servers: MS10-006

Thanks to a Google Alert on my name, I recently found Laurent Gaffié’s blog post about MS10-006 (Microsoft Technet link).

Continue reading

How-to: install an Nmap script

Hey all,

I often find myself explaining to people how to install a script that isn’t included in Nmap. Rather than write it over and over, this is a quick tutorial.

Continue reading

VM Stealing: The Nmap way (CVE-2009-3733 exploit)

Greetings!

If you were at Shmoocon this past weekend, you might remember a talk on Friday, done by Justin Morehouse and Tony Flick, on VMWare Guest Stealing. If you don’t, you probably started drinking too early. :)

Continue reading

Why settle for (stealing) one password?

This is just a quick thought I had at work today – actually, I had it in November, but just got around to posting it now. Common story, but eh?

Continue reading

smb-psexec.nse: owning Windows, fast (Part 3)

Posts in this series (I’ll add links as they’re written):

  1. What does smb-psexec do?
  2. Sample configurations ("sample.lua")
  3. <a href=/blog/?p=404'>Default configuration ("default.lua")</a>
  4. Advanced configuration ("pwdump.lua" and "backdoor.lua")
Continue reading

Who’s going to Shmoocon?

Hey everybody,

I’m heading to Shmoocon on Feb 4 - 8, so two things:

a) Who wants to meet up? I have plans on the Saturday, but not much else yet.

b) Please don’t hack me while I’m gone. ;)

Continue reading

smb-psexec.nse: owning Windows, fast (Part 2)

Posts in this series (I’ll add links as they’re written):

  1. What does smb-psexec do?
  2. Sample configurations ("sample.lua")
  3. Default configuration ("default.lua")
  4. Advanced configuration ("pwdump.lua" and "backdoor.lua")
Continue reading

smb-psexec.nse: owning Windows, fast (Part 1)

Posts in this series (I’ll add links as they’re written):

  1. What does smb-psexec do?
  2. Sample configurations ("sample.lua")
  3. Default configuration ("default.lua")
  4. Advanced configuration ("pwdump.lua" and "backdoor.lua")
Continue reading

Pwning hotel guests

Greetings everybody!

I spent a good part of the past month traveling, which meant staying in several hotels, both planned and unplanned. There’s nothing like having a canceled flight and spending a boring night in San Francisco! But hey, why be bored when you have a packet sniffer installed? :)

Continue reading

Toorcon Slides

Hey all,

Thanks for everybody who came out to my Toorcon talk! I had a great weekend, even the part where I got stuck in San Fransisco and spent two full days getting home. Oops :)

A couple people asked me if I’d put up my slides, so here you go: http://svn.skullsecurity.org:81/ron/security/2009-10-toorcon/2009-10%20Toorcon.pdf

(If you want the original OpenOffice format, directory listings are enabled on that server)

Thanks once again, and it was great to meet all of you!

Continue reading

Nmap script: enumerating iSCSI devices

This is just a quick shout out to Michel Chamberland over at the SecurityWire blog. He wrote a <a href=http://blog.securitywire.com/2009/10/10/nmap-nse-script-to-enumerate-iscsi-targets/>Script to enumerate iSCSI Targets</a>. Unfortunately, I don’t have any iSCSI to test on, but if you do he’d love to hear from you!

Ron

Continue reading

Toorcon coming up!

Hey all,

I’ll be presenting at Toorcon San Diego in a couple week (finalized lineup, my talk!).

Continue reading

Updated: Scanning for Microsoft FTP with Nmap

Hi all,

I wrote a blog last week about scanning for Microsoft FTP with Nmap. In some situations the script I linked to wouldn’t work, so I gave it an overhaul and it should work nicely now.

Continue reading

Zombie Web servers: are you one?

Greetings!

I found this excellent writeup of a Web-server botnet on Slashdot this weekend. Since it sounded like just the thing for Nmap to detect, I wrote a quick script!

Continue reading

Scorched earth: Finding vulnerable SMBv2 systems with Nmap

Hello once again!

I just finished updating my smb-check-vulns.nse Nmap script to check for the recent SMBv2 vulnerability, which had a proof-of-concept posted on full-disclosure.

WARNING: This script will cause vulnerable systems to bluescreen and restart. Do NOT run this in a production environment, unless you like angry phonecalls. You have been warned!

Continue reading

Random picture: Traffic control box

I was going to do a post about Nmap today, but since their svn is having some issues, you’re going to get something a little more fun (in my opinion)!

My friend snapped this picture in Vancouver, BC near Stanley Park (the picture is geocoded, so check out the Exif data if you want to know exactly where).

Click for a bigger version.

Continue reading

Scanning for Microsoft FTP with Nmap

Hi all,

It’s been awhile since my last post, but don’t worry! I have a few lined up, particularly about scanning HTTP servers with Nmap. More on that soon!

In the meantime, I wanted to direct your attention to <a href=’http://blog.rootshell.be/2009/09/01/detecting-vulnerable-iis-ftp-hosts-using-nmap/’‘>This post (update here) about finding potentially vulnerable Microsoft FTP servers.

Continue reading

Nmap 5.00 released — lots of new features!

View my post on Slashdot

I’m just going to quote my Slashdot post inline.. check out the links for all the nitty gritty details. The bottom line is that 5.00 is awesome, and includes everything I’ve written as yet – download it! :)

Continue reading

Two locks, one bike?

Hi all,

I had the weirdest thing happen to me today, and I couldn't resist sharing it. If you're looking for security tips or tricks, move along. If you want a funny story (that sort of involves security), stick around!

Continue reading